Removing Private AS Numbers in BGP
Autonomous System (AS) is identified by a number in the range 1 to 65535. AS numbers in the range 1 to 64511 are assigned by InterNIC. These are reserved and globally unique AS numbers. AS numbers in the range 64512 to 65535 are known as private AS numbers, and like private IP addresses, these can be used to address ASs when a globally unique AS number is not necessary. It is important to ensure that the private AS numbers are not introduced into the global BGP table through the AS-Path attribute. To removing private AS numbers in BGP the AS-Path attribute in outbound routing updates, issue the neighbor remove-private-as command in router configuration mode. [boxads]
Most companies have acquired their own AS number and also some have implemented Private AS numbers connected to their Public AS network. They might have created a private AS number per region. There are others also who run BGP and are using private AS connected to their ISP using PA (Provider Allocated) Public IP addresses. No matter, how its implemented, announcing the private AS number you are using to the internet is a big NO, NO. ISP’s should filter these private AS and not advertise them out to the internet.
Consider the diagram below. Let’s say R1 is in Company A and is connected to its ISP using a private AS number 65535. The task we need to complete here is to filter any private AS to be announced to R2 so that R2 will only see the AS number of the ISP.
Firstly, I have done configuring the IP addresses indicated in the diagram. Created Loopback0 and Loopback10 in R1 and ISP and advertised them in BGP. Of course, all routers have BGP established. I have also announced networks 123.123.123.123/32 and 12.12.12.12/32 in the ISP router.[adsense]Now, lets check what R2 sees in the BGP table.
We see that the AS path to get to 1.1.1.1/32 and 11.11.11.11/32 is through AS 100 then AS65535. Lets do a filtering in ISP router not to advertise this private AS but instead make the ISP’s AS the originating AS.[bodyads]
ISP(config)#router bgp 100
ISP(config-router)#neighbor 192.168.20.1 remove-private-as
The “remove-private-as” appended to the neighbor statement ensures that any private AS connected to the ISP will not appear in the AS path. Lets clear the BGP process by doing “clear ip bgp * soft” on ISP router and see what R2 BGP table.
The networks from R1 now is seen originated from AS 100. The private AS number was removed by the command we issued. Note that this command works in the outbound direction and should be placed on the networks with public AS number but have private AS connected to them. I tried this command on R2 before I added in ISP but I didn’t work because like what I mentioned, this works in the outbound direction.